REMARKS 

Claims 1-32 are pending in this application and stand rejected by the examiner. Claims 1 
and 30-32 are independent claims. Assignee traverses the rejections. 

Claim Rejections - 35 U.S.C. § 112 

Claims 11 and 12 stand rejected in the office action under 35 U.S.C. § 112, second 
paragraph, as not complying with the written description requirement. Assignee has amended 
claims 11 and 12 that parallels the disclosure in assignee's specification on page 12, lines 14-16 
which provides that "the authentication information includes a password or access code which is 
not known to a user of a remote device but is required for remote access to resources in the 
computer network.." 

With these amendments and remarks, assignee respectfully submits that the instant 
rejection has been traversed and the claims should be allowed. 

Claim Rejections - 35 U.S.C §§ 103 

Claims 1-19 and 24-32 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over U.S. Patent No. 6,161,185 issued to Guthrie et al. Claims 20-23 stand rejected under 35 
U.S.C. § 103(a) as being unpatentable over Guthrie in view of U.S. Patent No. 6,615,353 issued 
to Hashiguchi. These rejections are traversed. 

Claim 1 is directed to a system for distributing authentication information to users of 
remote devices. Claim 1 recites in combination with its other limitations that an authentication 
information store stores authentication information for a plurality of users, and that the 
authentication system retrieves the authentication information for one of the plurality of users 
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from the authentication information store. The retrieved authentication information is provided 
to the remote device. 

Claim 1 has been amended to include subject matter already examined with respect to 
claim 19, namely: the retrieved authentication information is provided to the remote device to 
authenticate a user requesting remote access to a computer network. 

The office action rejects claim 1 based upon Guthrie. On page 16. the office action 
maintained: 

Guthrie et al. does in fact disclose sending sensitive user information, such 
as an account password, from the server to a remote device (the user 
receives an account password) [column 5, lines 46-47]. Furthermore, the 
applicant argues that information such as an account ID would not be 
transmitted in Guthrie et al. from the server to the client. However the 
examiner respectfully disagrees and notes that Guthrie et al. does in fact 
disclose sending an account ID from the server to the client (the user 
receives a user account ID) [column 5, lines 46-47]. 

Assignee notes that the cited passage from Guthrie relates to a user initially establishing an 

account: 

The user 1 14 must initially establish an account with the server 104, which 
is stored in the user account database 120. For example, the user 114 
initially establishes an account with the server 104. The user 1 14 receives 
a user account ID and receives (or provides) an account password. 
[Guthrie at column 5, lines 46-47] 

In this passage from Guthrie, the information is being provided in order to establish an account. 

The information is not being used to authenticate a user as part of a process when a user is 

requesting access to a computer network as required by claim 1. 

Assignee further notes that assignee's statement in the previous office action response 

about sensitive information not being transmitted across a network is based upon express 

quotations from Guthrie itself. It is Guthrie saying its "personal authentication system ... is 

based on a challenge/response process that does not require users to transmit certain important 
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authentication information across the network." (Guthrie, column 4, lines 8-13) Still further 
Guthrie discloses that server-side sensitive authentication data in the user account table (e.g., a 
user's authentication password) is "never transmitted over the network where it could be exposed 
or compromised." (See Guthrie at column 4, lines 25-28). Figure 4 of Guthrie makes this clear 
that such data is never transmitted from the server over the network. In fact, only two pieces of 
information are passed from the server to the remote device when a user is requesting access: the 
challenge and the information about whether an authentication succeeded or failed. Neither of 
these pieces of information is stored in the user account database, though. These express 
statements of Guthrie make it clear that, in Guthrie, important authentication information is not 
being provided when a user is actually making a request for remote access. This is in stark 
contrast to claim 1, which is not directed to a user establishing an account, but rather is directed 
to, when a user is actually requesting access, retrieving authentication information from a store 
and sending it to the remote device for use in authenticating a user requesting remote access to a 
computer network. Lastly, assignee also notes in passing that column 5, lines 46-47 is silent as 
to who is actually providing the information to the user in order to establish an account; in other 
words, the disclosure does not disclose whether the server is actually providing the information. 

Because of such differences from Guthrie, claim 1 is patentable over Guthrie and 
therefore should be allowed. Because claim 1 is allowable, its dependent claims are also 
allowable. 

Assignee also respectfully disagrees with other positions in the office action. For 
example, assignee respectfully disagrees with the rejection of claim 3 that is based upon Guthrie. 
Claim 3 recites in combination with its other limitations that the authentication system is 
configured to receive a seed request from the remote device and return the seed to the remote 
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device. The office action states that this is disclosed by Guthrie at column 7, lines 5-6, which 
reads, "the client then transmits the response produced by the client SADB calculator to the 
server." The office action further states: the response is transmitted to the server for the purpose 
of requesting information (i.e., a message indicating whether the authentication succeeded or 
failed), which in turn implies that the server is in fact configured to receive a request (request for 
authentication) [column 7, lines 41-44]. Assignee disagrees that these passages disclose the 
subject matter of claim 3. Claim 3 is disclosing that the authentication system is returning the 
actual seed that is needed to gain access to the remote system and is not returning mere status 
information (i.e., a message indicating whether the authentication succeeded or failed) as 
disclosed in Guthrie. Because of such differences, claim 3 cannot be rendered unpatentable by 
Guthrie and should be allowed. 

In rejecting the other independent claims, the office action cites Guthrie as disclosing the 
subject matter recited in claims 30-32. Assignee respectfully disagrees. These claims refer to a 
user actually in the process of attempting to gain access to a computer resource (and not in the 
process of establishing an account). In these claims, the user provides a request for the 
authentication information that is stored in an authentication data store. After authentication of 
the user, the authentication information (that is stored in the data store) is returned to the remote 
device so that the remote device may access computer resources based upon the returned 
authentication information. Guthrie does not disclose such limitations. As shown above, 
Guthrie never discloses that, when a user is attempting to access a remote computer resource 
(e.g., a computer network), authentication information from an authentication information store 
is transmitted to a remote device. To stretch Guthrie to do this would go against Guthrie's 
express purpose of not transmitting stored authentication information over a network to a remote 
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device when a user is attempting to access a remote resource. Because Guthrie discloses such a 
different approach than the respective subject matter in claims 30-32, these claims are allowable 
and should proceed to issuance. 



CONCLUSION 



For the foregoing reasons, assignee respectfully submits that the pending claims are 



allowable. Therefore, the examiner is respectfully requested to pass this case to issuance. 



Respectfttjly submitted, 




Johfr V. Biernacki 
Reg. No. 40,511 
JONES DAY 
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